A Call to Action: Stop the FCC's KYC Regime

Sign in<br>Subscribe

Robocalls are really annoying. Everyone knows the misery of scam calls, spoofed numbers, fake warranty pitches, fraudulent bank alerts, and automated political spam. The FCC is correct to claim that illegal calls erode trust in the phone system and cost Americans time, money, and security. But this problem does not justify a dragnet solution. Under the guise of fighting robocallers, the FCC is now considering “Know Your Customer” rules that could force phone providers to collect identity information from ordinary people before they can acquire or renew service with a phone carrier.<br>The proposal is being sold as consumer protection, but the surveillance regime it would create is something else entirely.<br>On April 30, 2026, the FCC adopted a Further Notice of Proposed Rulemaking seeking stronger KYC rules for voice service providers. The agency says possible measures include requiring providers to verify customer identities before enabling service, including name, address, government ID, and alternate phone numbers. The item was approved by Chairman Brendan Carr and Commissioners Gomez and Trusty.<br>That should alarm anyone who believes phone access is basic infrastructure, not a privilege conditioned on identity verification. The danger is not that the FCC wants to punish robocall scammers. The danger is that the FCC is contemplating rules that would put millions of innocent people into telecom identity databases in the hope that criminals will be inconvenienced. We've seen this playbook before. Such measures take more privacy from lawful users while determined criminals will adapt and find ways around the "gate."<br>KYC rules seen stopping determined criminalsKYC does not reliably stop determined criminals. We know this to be true simply from looking at KYC requirements in the financial system. There's no shortage of money laundering that occurs through regulated venues, in part because criminals don't have much trouble providing the required documentation to pass KYC checks. Why is this easy to route around? Mainly because so much personally identifiable information gets leaked on an ongoing basis that entire markets exist to trade this information. Buying a new identity and the associated documents to go along with it is cheap.<br>Burner Phones Are Important Tools<br>The proposal also reaches directly into prepaid service. The FCC is asking whether KYC requirements should vary between prepaid and postpaid plans, what information wireless providers currently obtain from prepaid SIM customers, and whether KYC measures should be imposed for prepaid service purchased through third-party vendors. That is the heart of the burner-phone issue. A prepaid phone is not just a movie prop for criminals. It can be a lifeline for a domestic violence survivor, a worker reporting misconduct, a journalist protecting a source, a protester avoiding retaliation, or someone who simply does not want every communication account tied to a government ID.<br>ACLU senior policy analyst Jay Stanley warned that the rulemaking contemplates taking away people’s ability to get a burner phone and could harm low-income people, domestic violence victims, and anyone who values privacy. That is the point the public needs to understand: anonymous or pseudonymous communication is not suspicious by default .<br>I've used KYC-free phone services for many years both as a security and privacy protection tactic. I, like anyone who might be suspected of having access to significant amounts of bitcoin, need strong privacy in order to protect myself from wrench attacks. This is not a theoretical threat; hundreds of Bitcoiners have been physically attacked and I myself have been swatted and extorted.<br>The most chilling parts of the FCC’s proposal go beyond ordinary ID collection. In its section on risk-based KYC differences, the FCC even asks whether providers should consult lists of terrorists, terrorist organizations, and “criminal persons” maintained by law enforcement entities. We've also seen this before and such lists would surely lead to false positives, abuse of innocent people being opaquely added to said lists, and the possibility that people could be denied basic communication infrastructure without a conviction or meaningful due process. Even though the FCC frames this as a question rather than a final decision, it is a dangerous question for a communications regulator to normalize.<br>The proposal also contemplates long retention periods. The FCC asks about requiring providers to retain KYC information and supporting records for four years after the customer relationship ends. That means the risk does not end when someone cancels service. A person’s identifying information could remain in carrier databases for years, exposed to breach, misuse, subpoena, sale, or mission creep.<br>Mission creep is already visible in the FCC’s own words. The agency asks whether enhanced KYC rules could help law...